Add alwaysUseDefaultTargetUrl feature to AbstractProcessingFilter.

core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java

@@ -81,6 +81,12 @@ import javax.servlet.http.HttpServletResponse;
  * <code>filterProcessesUrl</code> indicates the URL that this filter will
  * respond to. This parameter varies by subclass.
  * </li>
+ * <li>
+ * <code>alwaysUseDefaultTargetUrl</code> causes successful authentication to
+ * always redirect to the <code>defaultTargetUrl</code>, even if the
+ * <code>HttpSession</code> attribute named {@link
+ * #ACEGI_SECURITY_TARGET_URL_KEY} defines the intended target URL.
+ * </li>
  * </ul>
  * 
  *
@@ -145,8 +151,23 @@ public abstract class AbstractProcessingFilter implements Filter,
      */
     private String filterProcessesUrl = getDefaultFilterProcessesUrl();
 
+    /**
+     * If <code>true</code>, will always redirect to {@link #defaultTargetUrl}
+     * upon successful authentication, irrespective of the page that caused
+     * the authentication request (defualts to <code>false</code>).
+     */
+    private boolean alwaysUseDefaultTargetUrl = false;
+
     //~ Methods ================================================================
 
+    public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
+        this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
+    }
+
+    public boolean isAlwaysUseDefaultTargetUrl() {
+        return alwaysUseDefaultTargetUrl;
+    }
+
     /**
      * Specifies the default <code>filterProcessesUrl</code> for the
      * implementation.
@@ -348,6 +369,10 @@ public abstract class AbstractProcessingFilter implements Filter,
             String targetUrl = (String) httpRequest.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
             httpRequest.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
 
+            if (alwaysUseDefaultTargetUrl == true) {
+                targetUrl = null;
+            }
+
             if (targetUrl == null) {
                 targetUrl = httpRequest.getContextPath() + defaultTargetUrl;
             }

core/src/test/java/org/acegisecurity/ui/AbstractProcessingFilterTests.java

@@ -345,6 +345,35 @@ public class AbstractProcessingFilterTests extends TestCase {
         assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
     }
 
+    public void testSuccessfulAuthenticationButWithAlwaysUseDefaultTargetUrlCausesRedirectToDefaultTargetUrl()
+        throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest("");
+        request.setServletPath("/j_mock_post");
+        request.setRequestURL("http://www.example.com/mycontext/j_mock_post");
+        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
+            "/my-destination");
+
+        // Setup our filter configuration
+        MockFilterConfig config = new MockFilterConfig();
+
+        // Setup our expectation that the filter chain will be invoked, as we want to go to the location requested in the session
+        MockFilterChain chain = new MockFilterChain(true);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        // Setup our test object, to grant access
+        MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
+        filter.setFilterProcessesUrl("/j_mock_post");
+        filter.setDefaultTargetUrl("/foobar");
+        filter.setAlwaysUseDefaultTargetUrl(true);
+
+        // Test
+        executeFilterInContainerSimulator(config, filter, request, response,
+            chain);
+        assertEquals("/foobar", response.getRedirect());
+        assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
+    }
+
     public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl()
         throws Exception {
         // Setup our HTTP request

doc/xdocs/changes.xml

@@ -42,6 +42,7 @@
       <action dev="benalex" type="add">Added net.sf.acegisecurity.intercept.event package</action>
       <action dev="benalex" type="add">Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD</action>
       <action dev="benalex" type="add">Added additional remoting protocol demonstrations to Contacts sample</action>
+      <action dev="benalex" type="add">Added AbstractProcessingFilter property to always use defaultTargetUrl</action>
       <action dev="benalex" type="update">Improved BasicAclProvider to only respond to specified ACL object requests</action>
       <action dev="benalex" type="update">Refactored MethodDefinitionSource to work with Method, not MethodInvocation</action>
       <action dev="benalex" type="update">Refactored AbstractSecurityInterceptor to better support other AOP libraries</action>